exploitDog

CVE-2022-24882

Published: 22 Apr 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

A vulnerability was found in freerdp. The flaw occurs because the NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This is an improper authentication (CWE-287) issue.
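As an added illustration (this is not FreeRDP's code and does not reproduce its fix), the Python below parses an NTLM AUTHENTICATE_MESSAGE the way a server would and enforces the abort conditions a server-side NTLM implementation needs: a message whose NT response is absent (the anonymous form, so there is no password-derived proof to check), a credential lookup that yields an empty password, and payload fields whose offsets run past the end of the message. The directory lookup, the proof-check callback, the header layout without Version/MIC, the flag set and all sample messages are constructed for the demo.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE_MESSAGE = 3
# NTLMv1 responses are 24 bytes and NTLMv2 responses are longer, so anything
# shorter cannot be a password-derived proof.
MIN_NT_RESPONSE_LEN = 24
# Assumed layout for the demo: fixed header through NegotiateFlags, no Version/MIC.
HEADER_LEN = 64


class NtlmReject(Exception):
    """Raised whenever the server must abort the NTLM exchange."""


def _field(buf, off):
    """Decode one (Len, MaxLen, BufferOffset) triple and return the referenced bytes.

    The offset is bounds-checked so a hostile client cannot make the server read
    past the end of the message it actually received."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, off)
    if offset + length > len(buf):
        raise NtlmReject("field at %d points outside the message" % off)
    return bytes(buf[offset:offset + length])


def parse_authenticate(buf):
    """Parse an NTLM AUTHENTICATE_MESSAGE (MS-NLMP 2.2.1.3) into its payload fields."""
    if len(buf) < HEADER_LEN or buf[:8] != NTLMSSP_SIGNATURE:
        raise NtlmReject("not an NTLMSSP message")
    if struct.unpack_from("<I", buf, 8)[0] != AUTHENTICATE_MESSAGE:
        raise NtlmReject("not an AUTHENTICATE_MESSAGE")
    return {
        "lm_response": _field(buf, 12),
        "nt_response": _field(buf, 20),
        "domain": _field(buf, 28).decode("utf-16-le"),
        "user": _field(buf, 36).decode("utf-16-le"),
        "workstation": _field(buf, 44).decode("utf-16-le"),
        "session_key": _field(buf, 52),
        "flags": struct.unpack_from("<I", buf, 60)[0],
    }


def server_authenticate(buf, lookup_password, verify_response):
    """Server-side decision for one AUTHENTICATE_MESSAGE.

    lookup_password(user, domain) -> stored password or None (hypothetical directory hook).
    verify_response(msg, password) -> bool (the NTLMv2 proof check, out of scope here).
    Returns the authenticated user name; raises NtlmReject on every abort condition."""
    msg = parse_authenticate(buf)
    if not msg["user"]:
        raise NtlmReject("empty user name")
    # NtChallengeResponseLen == 0 is the anonymous form of the message: nothing
    # derived from a password is present, so the server must abort here instead
    # of falling through to the "verified" path.
    if len(msg["nt_response"]) < MIN_NT_RESPONSE_LEN:
        raise NtlmReject("NT response missing or truncated (%d bytes)" % len(msg["nt_response"]))
    password = lookup_password(msg["user"], msg["domain"])
    # The same rule applies to the server side: never run the proof computation
    # over an empty or missing secret, abort instead.
    if not password:
        raise NtlmReject("no usable password for %s" % msg["user"])
    if not verify_response(msg, password):
        raise NtlmReject("NTLMv2 proof mismatch")
    return msg["user"]


def build_authenticate(user, domain, nt_response, lm_response=b""):
    """Constructed sample AUTHENTICATE_MESSAGE for the demo (no Version or MIC)."""
    fields, payload = [], b""
    for data in (lm_response, nt_response, domain.encode("utf-16-le"),
                 user.encode("utf-16-le"), b"", b""):
        fields.append(struct.pack("<HHI", len(data), len(data), HEADER_LEN + len(payload)))
        payload += data
    flags = 0x00088205  # constructed: UNICODE | REQUEST_TARGET | NTLM | ALWAYS_SIGN | EXT_SESSIONSECURITY
    return (NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE_MESSAGE)
            + b"".join(fields) + struct.pack("<I", flags) + payload)


def demo():
    """Run three constructed messages through the server logic and return the outcomes."""
    directory = {("alice", "CORP"): "correct horse battery staple"}  # constructed
    lookup = lambda user, domain: directory.get((user, domain))
    verify = lambda msg, password: True  # stand-in for the real NTLMv2 proof check

    def outcome(buf):
        try:
            return server_authenticate(buf, lookup, verify)
        except NtlmReject as exc:
            return "REJECT: " + str(exc)

    normal = build_authenticate("alice", "CORP", b"\xaa" * 24)
    anonymous = build_authenticate("alice", "CORP", b"", lm_response=b"\x00")
    truncated = normal[:-8]  # the user name field now points past the end
    return {"normal": outcome(normal), "anonymous": outcome(anonymous),
            "truncated": outcome(truncated)}


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-10s %s" % (name, result))
```

The proof check is deliberately a callback: the point of the example is the ordering of the parameter checks before any cryptography runs, which is the class of defect the Red Hat bug title ("Server side NTLM does not properly check parameters") describes.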

Report

The CVE is just for server functionality, but the server support is completely disabled in RHEL. So RHEL is not affected by this CVE.

Affected packages

Platform                    Package   State         Recommendation   Release
Red Hat Enterprise Linux 6  freerdp   Not affected
Red Hat Enterprise Linux 7  freerdp   Not affected
Red Hat Enterprise Linux 8  freerdp   Not affected
Red Hat Enterprise Linux 9  freerdp   Not affected


Additional information

Status: Moderate
Defect: CWE-287->CWE-233
https://bugzilla.redhat.com/show_bug.cgi?id=2079056
freerdp: Server side NTLM does not properly check parameters

EPSS

Score: 0.00217 (percentile 44%), Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 9.1
ubuntu
about 3 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

CVSS3: 9.1
nvd
about 3 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.

CVSS3: 9.1
debian
about 3 years ago

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...

CVSS3: 9.1
fstec
about 3 years ago

Vulnerability in the NTLM protocol implementation of the FreeRDP RDP client, allowing an attacker to disclose protected information

suse-cvrf
almost 3 years ago

Security update for freerdp
